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Abstract 

For Boolean functions computed by read-once, depth-U circuits with unbounded fan-in 
over the de Morgan basis, we present an explicit pseudorandom generator with seed length 
n). The previous best seed length known for this model was 0(log^''’"^ n), obtained 
by Trevisan and Xue {CCC ‘13) for all of AC° (not just read-once). Our work makes use of 
Fourier analytic techniques for pseudorandomness introduced by Reingold, Steinke, and Vadhan 
{RANDOM ‘13) to show that the generator of Gopalan et al. {FOCS ‘12) fools read-once AC°. 
To this end, we prove a new Fourier growth bound for read-once circuits, namely that for every 
F : {0,1}" —>■ {0,1} computed by a read-once, depth-1? circuit, 

^ \F[s]\<0{\og^-^n)\ 

sC[n],|s|=fc 


where F denotes the Fourier transform of F over 


1 Introduction 

1.1 Pseudorandomness for Constant-Depth Circuits 

A central question in pseudorandomness is whether the class of all decision problems solvable in 
randomized polynomial time can also be solved in deterministic polynomial time (P = BPP). To 
resolve this in the affirmative, it suffices to show that there exist logarithmic-seed-length pseudo¬ 
random generators that fool polynomial-size circuits, where a generator G : {0,1}™ —?■ {0,1}” is 
said to e-fool a function F : {0,1}"' —> {0,1} if 

\E[F{Un)] -E[F{G{Um))]\ <e. 

Such generators were constructed by Impagliazzo and Wigderson [16] under the assumption that 
there are exponential time decision problems that require circuits of exponential size. 

To obtain unconditional results in pseudorandonmess, however, it becomes necessary to restrict 
the class of “distinguishers” that a generator should fool. Ajtai and Wigderson [T] were the first to 
consider the problem of constucting generators specifically for AC®, i.e. constant-depth circuits with 
unbounded fan-in over the de Morgan basis (AND, OR, and NOT gates), and in their pioneering 
work they achieved seed length O(n^) for any constant e > 0. 

’Supported by NSF grant CCF-1420938 
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Nisan [T9] then improved this seed length to polylog(n) using hardness of parity for AC*^. Sub¬ 
sequent works IHITlini |22| have used bounded independence or small-bias spaces |20| to fool AC° 
circuits. Most recently, Trevisan and Xue |28| used the insight that pseudorandom restrictions 
simplify circuits to decision trees as in Hastad’s switching lemma to improve the seed length for 
depth-Z) circuits to 0(log'^'’'^ n), which remains the best-known generator for AC*^. 

For the further restricted class of read-once depth-2 circuits (i.e. CNF or DNF formulas in which 
every variable appears at most once), Gopalan et ah [TO] constructed a pseudorandom generator 
generator with seed length O(logn). 

In this paper, we restrict our attention to read-once AC^, that is, constant-depth formulas over 
the de Morgan basis with unbounded fanin. We continue the approach initiated by Ajtai and 
Wigderson [T], namely that of applying pseudorandom restrictions to the circuit to be fooled and 
incorporate more recent techniques [ini|23l[26] into the analysis. 

1.2 Our Results 

Our main result is an improvement upon Trevisan and Xue’s 0(log^'’'‘^ n) seed length [28] for AC® 
in the special case of read-once AC® circuits: 

Theorem 1.1 (Main Result). There is an explicit pseudorandom generator G : {0, "■) — 

{0,1}” fooling read-once AC® circuits of depth D on n inputs. 

In contrast, the probabilistic method implies the existence of an inefficient pseudorandom gener¬ 
ator for AC® with seed length 0(log(n/e)) and it is conjectured that efficient generators with match¬ 
ing seed length exist. However, an efficient pseudorandom generator with seed length o(log^(n/e)) 
would imply stronger circuit lower bounds for AC® than are currently known |12j . This presents a 
serious barrier to the construction of pseudorandom generators and our results show that we can 
match this barrier up to one 0(log(n/e)) factor in the read-once setting. 

1.3 Our Techniques 

Our pseudorandom generator is that of Gopalan et al. m, which is also used by Reingold et al. [23] 
and Steinke et al. [25]. Roughly speaking, the generator fixes a carefully chosen fraction of the input 
bits of a given circuit in a way that approximately preserves the acceptance probability on average. 
This is applied recursively to fool the circuit using few random bits. 

The key to the analysis is discrete Fourier analysis: Fourier analysis has proven highly effective 
in studying functions on the Boolean hypercube m], finding applications in not just pseudoran¬ 
domness but also arithmetic combinatorics, circuit complexity, communication complexity, learning 
theory, and quantum computing. The basic principle is to study a function F : {0,1}” —)> M by 
expressing it in the Fourier basis, namely 

F'ix) = F[s]xs(a;), 

se{o,i}" 

where Xs(x) = (—1)^'* for s,x G {0,1}"'. Of particular relevance to pseudorandomness is the fact 
that the Fourier coefficients F can be used to measure the “complexity” of F. For example, if 
X]se{o 1}" then F can be e-fooled by an efficient small-bias generator [20] with seed 

length 0(log(nR/e)). 

Reingold et al. [23] showed that to be fooled by the pseudorandom generator of Gopalan et 
al. [10] . it suffices to satisfy a weaker condition on the Fourier coefficients: we only need to bound 
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the Fourier growth — that is, we must show that 


Vfe G {1, 2, • • • , n} 


E 

sG{0,1}^:|s|=/c 



<B-c^ 


for a “small” value of c (e.g. c = polylog(n)). By bounding the Fourier growth of read-once, 
“permutation” branching programs, Reingold et al. proved that this generator fools such branching 
programs; Steinke et al. [26] then showed a similar bound for all read-once branching programs of 
width three. 

The main contribution of this work is to prove such a Fourier growth bound for the case of read- 
once AC^. To our knowledge, while there are known Fourier growth bounds for f\QP (of a different 
nature than those we require) due to Linial et al. [T7] and Impagliazzo and Kabanets [TTj (with 
implications for the sensitivity and learnability of formulas), and while a Fourier concentration 
result of Mansour [T8| was used by De et al. [9| to show small-bias spaces fool depth-2 circuits, this 
work is the first to apply Fourier growth bounds to the problem of pseudorandomness against AC^. 

Theorem 1.2 (Fourier Growth Bound). If F : {0,1}”’ —)• {0,1} is computed by a read-once, 
depth-D circuit, then 

E i^wi s o(iog“-‘(»))‘. 


To prove our Fourier growth bound, we induct on depth to show that the Fourier mass at any 
node of F is either polynomially small or can be bounded in terms of both the acceptance and 
rejection probabilities at that node. 

Theorem 1.2 together with the analysis o f St einke et al. |26| gives a generator with seed length 
0(log^'''^(n)). Roughy speaking. Theorem 1.2 implies that we can restrict an n(l/log^“^(n)) 


fraction of inputs via a small-bias space and approximately preserve the acceptance probability 
(on average). Doing this 0(log^“^ n) • O(logn) times sets all the input bits. Each restriction uses 
O(logn) random bits, whence we obtain a pseudorandom generator with seed length 0(log^^^(n)). 


1.4 Organization 

In Section we introduce preliminary definitions and technical tools to be used in our analysis. 
In Section]^ we prove our Fourier growth bound. In Section]^ we verify that the analysis in [26] 
of their pseudorandom restriction generator for branching programs applies to our setting of read- 
once AC*^ and use the results of the preceding sections to prove that it indeed fools read-once AC*^ 
circuits. 


2 Preliminaries 

2.1 AC° Circuits 

Definition 2.1. A read-once, depth-D AC*^ circuit on n inputs is a Boolean function F : 
(0,1}” —7- {0,1} represented by a tree of depth D with n leaves whose nodes either compute the 
AND or OR of the values computed by their child nodes or the NOT of the value computed by a 
single child node, and whose output is the value computed by the root of the tree. For a node / of 
F, we say that / is of height d if it is the parent of a node of height d—1, and of height 0 if it is a 
leaf (i.e. an input node). By standard techniques, all the NOT gates can be pushed to the inputs. 
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2.2 Fourier Analysis 

Recall the following basic definitions in Fourier analysis: 

Definition 2.2. Define the characters of {0,1}*^ to be the maps Xs(x) = (—1)^'® for s G {0, !}"■, 
where x ■ s denotes the bitwise dot product. 

For any function F : {0,1}"^ — R, the (discrete) Fourier transform of F is the function 
F : {0,1}"" —)• R given by 

F[s]:= E [F(x)-Xs(a:)]- 

We call F[s] the sth Fourier coefficient of F, and its order is defined to be |s|, the number of 
nonzero bits in s. 

The characters form an orthonormal basis for the space of all F : {0,1}” —R. In particular, 

the Fourier expansion of F is 

S 

The expectation of F under any distribution X can then be written as 

\[F{x)] = Y,Hs]- E [x.(x)]. 

X'^X 

s 

We can now define notions of “Fourier growth”: 

Definition 2.3. The Fourier mass at level k of F : {0,1}" —)• {0,1} is the quantity 

:= ^ \f[s]\, 

\s\=k 


where for k < 0 and k > n,we say that L^[F) = 0. The Fourier mass of F is merely L^{F). 

We also define L-^ = Ylk'>k (F). For any p G [0,1], the p-damped Fourier mass is the 
quantity 

Lp{F) := • \f[s] . 

k>0 Sf^O 

The motivation for working with Lp is that a bound on Lp yields bounds on each L^. 

Lemma 2.4. For all p G [0,1], 


max 

k 


p'^L'^{F) < Lp{F) < n ■ max p^L^{F) 
J fc L . 


3 A Fourier Growth Bound 


To prove Theorem 1.2 we will show that for any function F computed by a read-once AC^ circuit. 


Lp{F) can be bounded in terms of the size, depth, and both F[0] and (1 — F[0]). 

Theorem 3.1. If F : {0,1}” —)■ {0,1} is computed by a read-once, depth-D AC^ circuit then 

Lp{F) < p ■ min(.F[0], 1 — F[0]) • (9log {A^n/e)')^ + e. 
for all e < 1/n and p < 1/(9 log(4'^n/e))^. 


( 1 ) 
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We will prove the theorem by induction on the depth D. The following propositions will allow 
us to analyze the Fourier growth of formula F in terms of its immediate subformulas (which are at 
smaller depth). 

Proposition 3.2. If F : {0, |q^ the AND of functions Fi : {0, —>• {0,1} and 

F 2 : {0, 1}"’2 |0j 1 }^ then for all s G {0,1}”^ and t G {0,1}"’^, F[s o t] = Fi[s] • F 2 [t]. 

Proof. Because F = Fi ■ F 2 , hy definition we have that 

F[s ot]= E [(Fiix) ■ F 2 {y)) Xsot{x o y)] 

XOy'^Un-i +n2 

= E [Fi{x)xs{x)] ■ E [F2{y)xt{y)] = Fi[s] ■ Ait], 

X'^Un-^ y~L/n2 

where in the penultimate equality we use the fact that Xsot{x oy) = Xs{x) ■ Xt{y)- D 

Proposition 3.3. If F : {0,1}"'!”' —)> {0,1} is the AND of functions Fi : {0,l}"'i —)• 

{0,1},...,F^:{0,1}--^{0,1}, then 


Lp{F) = l[{Lp{Fi) + F,[0]) - n ^*[0]. 

i=l i=l 


Proof. We will prove this for the case of m = 2; the proof for general m is entirely analogous. 

we have that L^{F) = Y17=o ' L^~^{F 2 ) for A: > 1. 


3.2 


From Proposition 
Rewrite the left-hand side of the desired equality as 

n / n n \ 

Y,p"AiF)= -L°(Fi)L°(F2) 


k=l 


\k=0 
f n 


i=0 




vi=0 


Y,AlKF2) I -L\F^)L\F2) 

J=0 


= (Lp(Pi) + l0(Fi)) • {Lp{F2) + L°(F2)) - L\Fi)L\F2) 

and we get the desired result because L^{F) = F[0] for all (0, Ij-valued functions F. 
We are now ready to prove our Fourier growth bound. 


□ 


Proof of Theorem S.f. Base case {D = 0): P is a constant, the identity, or the negation of the 
identity. If P is a constant, then Lp{F) =0. If P is the identity or its negation, then the Fourier 
expansion of F is either F{x) = 1/2 — x{x)A F{x) = 1/2 + x(x)/2, where x(x) = (—1)^. For 
either case, Lp{F) = p/2 and min(.F[0], 1 — P[0]) = 1/2. 

Now consider any F computed by a read-once AC® circuit of depth D on n inputs. Because 
both sides of 0 are invariant under negation of F, we can assume without loss of generality that 
F is the AND of functions Pi,...,F/ computed by circuits of depth D — 1 on ni,...,nk inputs, 
respectively; we call these functions the children of F. 

Let Ei = nje/(4n) so that ^^~^ni/ei = A^n/e and — We inductively know that 0 
holds for every Fi and Ei so that 


Lp{Fi) < p ■ min(Fi[0], 1 - .Fi[0]) • (9log(4^n/e)) 


D-l 


+ £i- 


( 2 ) 
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For the inductive step, roughly, we will show that either the ratio Lp(F’)/min(i^[0], 1 — -F[0]) is 
small, or Lp{F) < e. Our analysis will be divided into the following three cases: 1) some child of F 
has very low acceptance probability, 2) the expected number of children Fi of F which output zero 
under uniformly random assignment to the inputs to F is at most logarithmic, or 3) the expected 
number of children which output zero is large. In case 1, Fi[0] being low for some i inductively 
implies that Lp{Fi) is low enough that Lp{F) < e. In case 2, we reduce bounding Lp{F) to bounding 
^ ■ Lp(Fj)/Fj[0], and we again use the inductive hypothesis to argue that this is small. In case 3, 
we show that Lp{F) is inversely exponential in the expected number of children which output zero 
and thus that Lp{F) < e. 

Case 1. There exists some i G [/c] for which Fi[0] < e/4. 

For all j G [A:], by Q , we have that 

Lp{Fj) + F,[0] < i? [0] -{l+p- (91og(4^n/e))^“^) + e,- < 3i? [0]/2 + e/4, 

Lp{Fj) + F, [0] < F, [0] + (1 - F,[0]) • p • (91og(4^n/e))^"^ + e,- < 1 + e/4. 


Since Fi[0] < e/4, the former inequality gives Lp{Fi) + Fi[0] < 5e/8. Moreover, Lp{Fj) + < 

1 + e/4 for all j ^ i. Thus, by Proposition 3.3, we have 

k 

Lp{F) < lliLpiF,) + FM) < ^e-(l + e/4)"-i <e, 

as e < 1/k. 

Case 2. .Fj[0] > e/4 for all i G [k] and < 2log(4'^n/e). 

We can rewrite Lp{F) as 


Lp{F) = • (u 

< F[0] • ( exp ( ^ 


Lp{Fi) 


LpjPA 
^40] / 


+ 1-1 


- 1 


(3) 


Now we must simply upper bound Lp{Fi)/Fi[0]. Since min(x, 1—x) < 2x{l — x) for any x G [0,1], 

by Q we have 


■ (91og(4^n/e))" " + ^ei/Ti[0] 


D-l 


^*[0] 


(4) 


< p • (4/9) • (9 log(4^n/e))'^ + 1 < 2, 


where the penultimate inequality follows from the hypotheses of Case 2. Applying the inequality 


— 1 < 4x for X < 2 to Q gives 


Ap(F)<T[0]- 4^ 


Lp{Fi) 
^*[0] , 


( 5 ) 


Suppose F[0] > 1/2. Then because e < 1 — x for 0 < x < 1/2, we have 


exp (-2(1 - F[0])) < F[0] = [](! - (1 - ^*[0])) < exp - ^(1 - T,[0]) 
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and thus “ ^iM) — ^(1 — -^[0])- By ([^ and Q, we have 


Lp{F) < 8F[0] - p- (91og(4^n/e))^-i • ^^(1 - F,[0]) + 4 

i i -^n^J 

< 16p • (91og(4^n/e))^“^ • (1 — -F[0]) + e 


as desired, where in the latter inequality we used the fact that -F[0]/i^j[0] < 1 for all i ^\k]. 
Now suppose F[0] < 1/2. Then by @ , we can rewrite © as 


Lp{F) < .P[0] • • (9 log(4^n/e))-^ ^ ^ Si/Fi[0]j < p ■ F[0] • (9 log(4^n/e))'^ + e. 

Case 3. Fj[0] ^ for all i G [k] and X]j(l — Tj[0]) > 2log(4'^n/e). 

By 

[](Lp(F,) + Fi[0]) < H (f,[0] +p( 1 - Fi[0])(91og(4^n/e))^-i + ei) 

i i 

= n log(4^n/e))^"^) + Ei) 

i 

< l/exp^^ (^(1 - Fi[0]) (1-p(91og(4^n/e))^“^) -e*)^ • 

But because p < 1/(9 log(4^n/E))'^, p(9 log(4'^n/e))^“^ < 0.1, so 

^ ((1 - F,[0]) (1 - p(91og(4^n/e))^-i) - > 0.9 ^(1 - F,[0]) - e/4 

i i 

> l.S\og{4Pn/e) — e/4 

> log(4^n/E) > log(l/E), 


so we conclude that Wi{Lp{Fi) + .Fi[0]) < 


□ 


{0,1} is computed by a read-once AC^cir cuit of depth D = 0(1), 
n/e))^, so in part 

L^{F) < 0(log^-B 


Corollary 3.4. If F : {0,1}*" 
then Lp{F) < 0(1) for p < l/(91og(4'^n/E))^, so in particular, by Lemma 2-4 


n) 


for all k. 

Proof. As before, say that F is the AND of some Fi,...,Fk. If we apply Theorem o to each Fj 
with p = l/(91og(4^“^n/E))'^“^ to get 


Therefore, by Proposition 
Lp{F) < 0(1) as desired. 


Lp{Fi) + Fi[0] < min(Fj[0], 1 — Fi[0]) + e + Fj[0] < 1 + e. 

Lp{F) < (1 + e)^. In particular, for D = 0(1) and e = 1/ 


3.3 
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□ F 





Note that the proof of our Fourier growth bound amounts to inductively showing in Theorem 3.1 
that for fixed p = 1/(9 log(4'^n/e)) 0 holds for every descendant of the root, and then 

concluding in the proof of the above corollary that at the root, Lp{F) is small because Lp{Fi) is 
small for all children Fi. 

The reason the analysis for the root of F differs from that for its descendants is that we cannot 


strengthen Theorem (3.1) to show 


Lp{F) < p ■ min(F[0], 1 — F[0]) ■ (9log (4^n/e))^ ^ + e. 


for all p < 1 /0{log{n/e))^~^ . For example, when D = 1, this would say that for all sufficiently 
small p, we have Lp{F) < 0{p ■ min{F[0], 1 — .F[0]}) + e. This is false for F = A^=i when 
k = log(l/e) because then 


LpiF) 



n{kp) 

2 ^ 


but 0{p ■ min{F[0], 1 - F[0]}) + e = < Lp{F). 

Furthermore, as discussed in [23], Fourier growth bounds are related to the Coin Theorem of 
Brody and Verbin [8|. They proved that for a read-once, width-(H -|- 1) branching program F to 
distinguish the distribution X G {0,1}” of n independent samples from a coin with bias p € [—1,1] 
from the uniform distribution, \p\ must be at least n(log^~^re). Specifically, they show that for 
any such F, \ Ex[F’(X)] — E{/[F([/)]| < 0{\p\{logn)^~^). In Fonrier analytic terms, 


E[F{X)]-E[F{U)] 

= 


-A. U 


s^O 


( 6 ) 


which is simply Lp without absolute values. Read-once AC*’ circuits of depth D can be simulated by 
read-once, width-(T) -|- 1) branching programs, and jnst as Brody an d Ve rbin show that ([^ is small 


3.4 


shows that Lp is small for 


for p = l/0(log^~^ n) for read-once branching programs, Corollary 
this setting of p for read-once AC*’ circnits 

Moreover, by using the recursive tribes formula, Brody and Verbin show that their bound is 
essentially tight in the choice of p, implying that onr bound is tight as well. 


4 The Pseudorandom Generator 

In this section, we will show that the pseudorandom restriction generator of |26| can be used to fool 
read-once AC*’ circnits. Their result deals with fooling families of branching programs, so before 
recalling this result, we will define the relevant terminology. 

4.1 Branching Programs 

Definition 4.1. A length-n, width-rc branching program is a function B : {0,1}" x [tc] —)• [rc] 
which takes a start state u G [rc] and an inpnt string x G {0, !}"■ and outpnts a final state B[x]{u). 

We will think of B as having a fixed start state and accept state, both of which for conve¬ 
nience we will denote by the index 1. Then B accepts x G {0,1}"^ if R[x](l) = 1, and we say that 
B computes the function F : {0, 1}"' —>■ {0,1} if F{x) = 1 if and only if R[x](l) = 1. 

A branching program reads a single bit of the input at a time (rather than reading x all at once) 
and only keeps track of the state in [tc] at each step. We enforce this by requiring the program to 
be composed of smaller programs as follows. 










state 



Figure 1: An example illustration of a lengtti-6, width-4 branching program [2^ 


Definition 4.2. If B and B' are width-rc branching programs of length n and n' respectively, then 
the concatenation B o B' : {0,1}’^+"- x [tc] —)■ [re] of B and B' is the length-(n -|- n'), width-u; 
program defined by 

{B o B')[x o x']{u) := B'[x']{B[x\{u)). 

That is, first B o B' runs B on the first part of the input, then the start state of B' is set to the 
final state of B, and then B o B' runs B' on the rest of the input. 

Definition 4.3. A length-n, width-rc ordered branching program is a read-once program B 
that can be written as B = Bi o ■■■ o Bn where each Bi is a length-1, width-rc program. We will 
refer to Bi as the Ah layer of B, and Bi...j := BiO ■ ■ ■ o Bj will denote the subprogram of B from 
layer z to j. 

A length-n, width-tc ordered branching program can also be regarded as a directed acyclic 
graph. The vertices are arranged into n -|- 1 layers each of size w. The edges connect vertices in 
adjacent layers; in particular, for each layer i, each vertex u in layer i, and each b G {0,1}, there is 
an edge labeled b from u to vertex Bi[b]{u) in layer z -|- 1. 

We use the following notational conventions when referring to layers of a length-n branching 
program. There is a distinction between layers of edges and layers of vertices: the former are the 
length-1 subprograms Bi defined above and are numbered from 1 to n, while the latter are the 
states between the BiS and are numbered from 0 to n. The edges in Bi go from vertices in layer 
z — 1 to vertices in layer z. 

Lastly, as mentioned in the introduction, the pseudorandom generator we will use makes use of 
pseudorandom restrictions. We formalize the notion of restrictions to Boolean functions. 

Definition 4.4. For t, x G {0, !}"■, and F : {0,1}” —)• {0,1} the restriction of T to t using x, 
denoted is the function obtained by setting the inputs indexed by the zero bits of t to the 

corresponding bits of x and leaving the inputs indexed by the nonzero bits of t free. Formally, 

F\t^x{y) = F(Select(t,y,x)), 

where 

Select(t, z/, x)j = < ^* * 

[xj ti = 0 

We can define restrictions of branching programs B : {0, !}"■ x [zc] —)• [zx] analogously. 

4.2 Closure Under Restrictions, Subprograms, and Permutations 

We now state the result of [26] on pseudorandomness for branching programs and show that it can 
be applied to our setting. 
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Theorem 4.5 f [26]. Theorem 5.1). Let C be a family of ordered branching programs of length 
at most n and width at most w that is closed under taking restrictions, taking subprograms, and 
permuting layers - that is, if B £ C computes some function F : {0, !}"■ —)• {0,1}, then B\t^x £ C 
for all t,x G {0,1}"', G C for all 1 < i < j < n, and ttB, Btt G C for all permutations 

TT : [w] —>■ [u;] where {7rB)[x]{w) = i?[x](7r(ri;)) and {B7r)[x]{w) = Tr{B[x]{w)). Suppose that, for all 
k G [n] and all F computed by some B £ C, we have L^{F) < ab^, where b >2. 

Then for e > 0, there exists a pseudorandom generator Ga,b,n,e ■ {0,—>• {0,1}"" with seed 

length Sa^b,n,e = O (b ■ log(6) • log(n) • log f \ \ such that, for any F computed by some B £ C, 


E [F{Ga,b,n,s{Us^, 

^S(x ,b,n,e 


b,n,£ 


))-^[F{U)] 


< e. 


Moreover, Ga,b,n,e can be computed in space 0{sa,b,n,£)- 

Note that the statement above differs slightly from the statement in [2^]; in particular, the seed 
length Sa,b,n,e above is related to their seed length ta^b,n,e by Sa,b,n,£ = twa,b,n,e- The reason is that 
in |2^, branching programs are regarded as matrix-valued functions B : {0,1}"' —)• {0, where 

= 1 if and only if B[x]{u) = v, whereas we are concerned only with the Boolean functions 
computed by branching programs. 

In the theorem stated in |26|, the hypothesis was that L^{B) < ab^, where Lf{B) is defined in 
terms of the matrix-valued Fourier transform and the subordinate matrix norm ||•|| 2 ■ In general, 
if M is a re X tc matrix whose entries are each bounded in absolute value by G, then ||M ||2 < w -G. 
Therefore, L^{B) < w ■ max^ L^{Fu^v), where Fu^v is the function computed by B if we use 
u as the start state and v as the accept state. But since the family C is closed under permuting 
layers, we have a bound on L^{Fu^v) for all u,v. 

To apply their construction to our setting, we need to show that every function F computed 
by a read-once AC^ circuit is computed by some branching program B whose restrictions and 
subprograms can be simulated by read-once AC*’ circuits. 

Firstly, given a branching program B, vertex layers i,j £ [n], and states di,d 2 £ [rc], define 

Bi'f ■■ {0, ^ {0,1} by 

= I|B.-y[i](<ii) = d,]. 

Now define the class C to be the set of ordered, length-n, width-H -|- 1 branching programs B 
on variable sets V{B) C [n] such that for all i,j £ V{B) and di,d 2 £ [D -|- 1], is computed 

by an AC*’ read-once formula of depth D. 

Proposition 4.6. If F : {0, !}"■ —)> {0,1} is computed by a read-once, depth-D AC*’ circuit, then F 
is also computed by an ordered, length-n, width-{D -£ 1) branching program B £ C. 

Proof. We will induct on depth. The claim is trivially true for D = 0 in which F can only be a 
constant, the identity, or the negation of the identity. 

Now consider any F computed by a read-once AC*’ circuit of depth D on n inputs. Assume 
without loss of generality that F is the AND of functions Fi,...,Fk computed by circuits of depth 
D — 1 on ni,..., nfc inputs respectively (the argument for the case where F is an OR of functions is 
completely analogous). 

Inductively, we have ordered branching programs R’, ..., B^ G C of width D on m,..., inputs 
which compute Fi,...,Fk respectively. To construct the desired branching program B for F, we 
essentially concatenate the B^, .., B^ and, for each i £ [k — 1], connect the accept state in the last 
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layer of i?* to the start state in the first layer of and connect the non-accept states in the last 
layer of to a non-accept state in the last layer of 

Formally, for each B^ define B’^ to be the width-(L) -|- 1) program given by introducing an extra 
state reject to each layer of vertices and rearranging the edges in the last layer that do not lead 
to the accept state to lead to the reject state instead. Specifically, define B''’ = B'^ o ■ ■ ■ o B'^_ for 
length-1, width-(Zl -|- 1) programs {Bj} as follows. For x G {0,1}, u ^[D + 1], and m G [n*], 

reject u = reject, or 

m = m and B^^ [x] (u) 7 ^ 1 
Bl^ [x] (n) otherwise 

Now define B to be B'^ o • • ■ B'^. F is satisfied if and only if each of the Fi is satisfied. By 
construction, each can only end on 1 or reject, and it ends on 1 if and only if in the 

computation of B, 5'*+^ started in state 1 and is satisfied. But the former holds if and only 
if B'^ ended in state 1, so we conclude that B ends on 1 if and only 5'* ends on 1 for all i, which 
happens if and only if Fi outputs 1 for all i. Therefore, B computes F. 

It just remains to check that every can also be computed by a read-once AC® circuit. If 

the first and last layers of S both lie in a single B'™, then we’re done by the inductive hypothesis 
on Fm- Otherwise, suppose S starts at state di of the the iith layer of B'^^ and ends at state ^2 
of the i 2 nd layer of B'^'^. By the inductive hypothesis on Fj^ and Fj^^ the subprograms 

and computed by read-once AC® circuits of depth 0 — 1, call them G and H. Then 

the function that the subprogram S computes is also computed by the depth-O circuit 

G A Fg+i A • • • A Fm-i A H. 


B'^[x\{u) = < 


□ 


It is fairly immediate that C is closed under taking restrictions, taking subprograms, and per¬ 
muting layers. Certainly if O G C, then Bi...j G C. Furthermore, if each is computed by a 

read-once AC® circuit , then is computed by Likewise, {'kB)’^}] 

and are computed by and respectively. 


di,d2 

j 




We can now take the family of ordered branching programs in the statement of Theorem 4.5 


to be this family C. By our Fourier growth bound in Corollary |3.4t we obtain a pseudorandom 
generator for read-once AC®. 


Corollary 4.7. For every n G W, e > 0, there exists a pseudorandom generator G : {0,1}^"''= —)• 
{0,1}” for Sn,t = 0(log'^n • log(n/e)) that e-fools any function F computed by a read-once AC® 
circuit of depth D on n inputs. 


5 Future Work 

Motivated by the analysis of [lOj in the case of read-once CNFs F, we see two directions for 
improvement upon the current seed length of 0(log^^^(n)). 

Firstly, we could try relaxing our notion of Fourier growth: rather than bounding L^{F), it 
suffices to bound L^{G) where G approximates F: 
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Proposition 5.1 ([9], Proposition 2.6). LetF, : {0,1}" —)• R satisfy F-{x) < F{x) < P+(x) 

for all X and E[/[/+([/) — /_(?/)] < 6. Then if X is an e-biased distribution, 


E[F{X)]-E[F{U)] 

A U 


< (5 + e • max{L(F+), L(F_)}. 


The functions T+ and T_ are called (5-sandwiching approximators for F. Gopalan et al. 
m used the results of [9] to construct sandwiching approximators with low Li-norm for read-once 
CNFs, and these approximators allowed them to set a constant fraction of the bits at each level 
of recursion {p = 11(1)), whereas the generator we use only sets a l/0(logn) fraction at each level 
(when D = 2). We would thus like to similarly exploit sandwiching approximators for arbitrary 
read-once AC*^ circuits to improve the seed length of the generator. 

Additionally, Gopalan et al. m showed that after each round of pseudorandomly restricting a 
constant fraction of the input bits, F shrinks from m to clauses, so after only O(loglogn) 

(rather than O(logn)) steps, the resulting GNF is sufficiently small with high probability that it 
can be fooled directly by a small-bias spac^ 

We would also like to argue that arbitrary read-once circuits shrink well under pseudoran¬ 
dom restrictions. At least in the case of truly random restrictions, as we show in Appendix [A] it 
is true that read-once AC^ circuits with all but l/polylog(n) of the input bits restricted will shrink 
with high probability to size polylog(n), which gives hope that our seed length can be reduced 
at least to O(log'^n). That said, it is not immediately clear to the authors how to modify the 
argument to handle pseudorandom restrictions. 
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A Random Restrictions Simplify Circuits 

We prove that any read-once circuit is approximated by read-once circuits which shrink 
to polylogarithmic size with high probability under a truly random restriction of sufficiently many 
bits. 

First, we make precise the distribution from which we are sampling our restrictions. 

Definition A.l. A distribution T on {0,1}” is p-reguiar if each bit is independently set to 1 with 
probability p. 

The restrictions we will be considering are such that t ^ T and x ~ 17 for T a p-regular 

distribution and U the uniform distribution. 

Theorem A.2. For e = l/poly(n), let F : {0,1}" —>■ {0,1} be computed by a read-once, depth-D 
circuit. Let T be a p-regular distribution for p = l/0(log'^“^ n) and U the uniform distribution on 

{o,ir. 

Then F has 0{n^)-sandwiching approximators Fi and F^ computed by read-once AC^ circuits 
of depth D such that and Fu\i^^ are of size at most 0(log^ n) with probability at least 1 — 2e 

over the choice of x ^ U, t ^ T. 

For the rest of this section, we will assume without loss of generality that the circuits we are 
dealing with consist solely of NAND gates, potentially with some NOT gates over the inputs. 
Indeed, any AND gate can be replaced with a negated NAND gate, and any OR of nodes can be 
replaced with the NAND of the negations of those nodes. By standard techniques, all the negations 
can be moved to lie directly above the inputs. 


A.l Collapse Probability 


To prove Theorem |A.2[ we will first prove that by Theorem 3.1, the probability that a read- 
once AC® circuit does not collapse to a constant under p-regular restriction is small relative to its 
acceptance and rejection probabilities. This lemma will then allow us to prove Theorem |A.2 in 
the last subsection by generalizing the arguments of [lOl Lemma 7.3] and [lOl Corollary 7.4] from 
depth-2 circuits to arbitrary constant depth. 

Lemma A.3. Let F : {0, !}"■ —>• {0,1} be computed by a read-once AC® circuit of depth D. For 
any e < 1/n, if p < l/(91og(4^n/e))^ and T is a p-regular distribution on {0,1}”, then 


Pr[El^.^ 2 , is nonconstant] < 2p ■ min ^E[0], 1 — .F[0]^ 


(91og(4^n/e))^ -|- 2e. 
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Proof. Without loss of generality, we can assume that F is monotone: if we have another F' given 
by adding NOT gates above some of the inputs, then because each bit is set to 0 or 1 with equal 
probability, F\i^^ and F'h^^ have the same probability of remaining nonconstant. 

By monotonicity, F\i^^ is nonconstant if and only if {F\i^_^){0) = where 0 and 1 

denote the strings of n repeated O’s and repeated I’s respectively. 

But 


^ [(Ui„)(i) - (r|i„)(o)] 


E[F(X)]-MF(y)] , 

J(. Y 


where X and Y are the distributions of n independent samples from a coin with bias p and —p, 
respectively. By Q and the triangle inequality, 


E[F(A)]-E[F(T)] 

< 


+ 




s^O 


s^O 


< 2 Lp(F), 


so we’re done by Theorem 3.1 


□ 


A.2 Concentrated Shrinkage 

Lemma A.4. For e = l/poly(n), let F : {0,1}"' —)• {0,1} be eomputed by a read-once, depth-D 
circuit such that for each node f, 1 — /[O] > e. IfT is a p-regular distribution and U is the uniform 
distribution, then F\i^^ is of size 0{log^ n) with probability at least 1 — e over the ehoice of x ~ U, 
t ^ T. 


Proof. Our claim is that each remaining node in fails to have fan-in at most O(logn) with 

probability at most e/{nD) so that by the union bound, fails to have the desired size with 

probability at most s. 

Fix some node f of F, and partition its children into chunks Cq, ..., Cm where Ci is the set of 
all children c for which 2* < 1 — c[0]/e < 2^^^. Note that m < O(logn) because e = l/poly(n). Let 
= OceCi ^[0] so that Yl^Si = l-m>e. For any i, < (1 — so that 

|a|<^log(l/£,) (7) 

2 *e 


Denote the nodes of Ci by c},..., C|p,|, and let YJ be the indicator variable equal to 1 if c* 
survives in F\i^_,^ (i.e. does not collapse to a constant), and 0 otherwise. Note that 


Pr(W = 1) < 2p • (1 - cl.[0]) • (91og(4'^-in/e)) + 2e < (T+^ + 2)e 


d-l 


ii+1 


( 8 ) 


where the penultimate inequality follows by Lemma A.3 We want to show that for each i, Yj- Yt 
is small with high probability. 

Let M G Z and k < M he some parameters which we will determine later, and let Sk{Yf ,..., |) 

denote the kth symmetric polynomial in the variables YJ^ It follows that 


Pr 


E h >" 


M 


<E[SkiYf,...,Y^^^)]< 


\Ci 


((T+i + 2)e)", 


^The fcth symmetric polynomial in xi ,..., Xn is defined to be 


<• • • 1 Ij 


nU^^r 
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where the former inequality holds by noting that if more than M of the Y- are 1, then there 
are at least (^) terms equal to 1 in SkiY^, and the latter inequality holds by Q and 

independence. Stirling’s approximation and Q give that 


Pr 


j 


< 


Ci\e 

M 


■ ( 2 *+^ 



< 


/ 3elog(l/£0 
V M 


k 


Now if e/{mnD) > X/rf for some constant c, take M to be 3eloglog(n)^^ log(l/ej) and k to be 


loglog(n)‘^^ for a large enough constant c' that (loglog(n)'^^)^°®*°®^”')'' > and Pr Ylj YJ > M 


< 


e/{mnD). A union bound over the m choices of i and the at most nD choices of node / gives the 
desired bound on probability that fan-in at / is at most 


3e log log(n)'’" log(l/ei) 


O (^loglog(n)‘'"^ ^log(l/ei) < O(logn), 

i 


where the last equality follows because Ui^i > e = l/poly(n). 


□ 


We now drop the assumption that rejection probability is not too small in order to prove 
Theorem IA.2I 


Proof of Theorem A.2, If T has the property that 1 —/[O] > e for every node /, then by Lemma 


A.4 


we can take Fi and to be F itself. Otherwise, we will show how to modify F to obtain sandwiching 
formulas with this property. 

Let L(G) denote the number of leaves of a formula G. We inductively show that each node / 
of depth d has 0 (L(/)y^)-sandwiching formulas fi and fu such that i) if fi (resp. fu) is not a 
constant, then £ < 1 - fi[0] < 1 - £ (resp. £ < 1 - /„[0] < 1 - £), ii) L{fu), L{fi) < L{f). 

This is certainly true for the leaves of F. Now fix a node / of depth d; for each c G c(/), we 
have sandwiching C£ and Cu satisfying i) and ii). We proceed by casework on 1 — /[O]. 

Case 1.1 — /[O] > £. 

Define (resp. /))) to be / but with each child c of / replaced by Cu (resp. c/f). Then 
(1 - /,[0]) - (1 - /[O]) = H 4[0] - n c[0] <o(-Y^ < 0{L{f)^e) 

Cu C \ Cu ) 

The same analysis tells us (1 — /[O]) — (1 — /j)[0]) < 0{L{f)y/e). If /)) > £, take fu to be /)); 
otherwise, take fu to be the constant 1 function, in which case 


(1 - /[O]) - (1 - fu[0]) < OiL{f)Ve) + £ < OiL{f)Ve). 


It follows that fi and fu are \/£-sandwiching formulas for / which satisfy ii) by construction. 

It remains to verify i). Assume fi and fu are nonconstant. For fi, we know 1 — fi[0] > 1 —/[O] > 
£, and 1 — /^[O] < 1 — £ because c)([0] =< 1 — £ for all nonconstant children Cu of fg. For fu, by 
construction, (1 — /n[ 0 ]) > £, and 1 — fu[0] < 1 — hi^] < 1 — £• 

Case 2.1 — ^[ 0 ] < £. 

Define fu to be the constant 1 function. Define to be / but with each child c of f replaced 
by Cu- If fi > £, take f to be f. 

Otherwise, we note that it’s possible to prune from enough children to get f such that 
£ < 1 — fi[0] < Assume to the contrary. Order the children Cu in any way {ci,...,Cfc} and 
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define = nU 1 - (1 - ^'*[ 0 ])- Then > ^/e and ( 7 ^ < e. Then either there is some j for which 

e < < \/£, or there is some j for which e < 1 — Cj [ 0 ] < \/e, a contradiction. 

By construction, fi and fu are sandwiching formulas for / which satisfy ii). 

It remains to verify i). fu is constant. For fg, 1 — /^[O] > e by construction. If fi = then 
because 1 — fi[0] < 1 — e for the same reason as in Case 1. Otherwise, we know by construction 

that 1 — fe[0] < < 1 — e. □ 


17 



